The number of security incidents involving mobile devices has increased over the past year, but companies are not protecting their mobile assets as well as they do other systems. One in three organizations admitted to suffering a compromise due to a...

Digitally transforming enterprises are now able to seamlessly integrate a myriad of service providers and business partners globally through diverse private interconnections. Equinix’s Global Interconnection Index volume 2 (GXI2)...

Networking vendor Juniper Networks has rolled out a new security architecture that will connect and operate with an enterprise customer's existing stack of products.
Named ‘Juniper Connected Security’, the open platform automates...

Rapid digitalisation has resulted in a surge in both the number of endpoints and the means by which cybercriminals can infiltrate enterprise networks. Around the globe, the total financial damage due to cybercrimes is predicted to reach $8 trillion...

Topic

Global supply chains and trade networks are becoming more complex as a result of shifting patterns within the logistics industry, including changing demands of vendors and customers.
In reality, not all businesses are able to navigate these...

Public cloud services are a strategic weapon for CIOs. More than a way to cease operating data centers, the public cloud offers CIOs the ability to focus on strategic projects aimed at boosting the bottom line.
“As organizations pursue new...

Removing the cyber criminal’s mask of anonymity

Cyber crime is a serious business in Asia Pacific, with over
US$1.7 trillion lost to cyber attacks last year, equating to
7% of the region’s GDP and representing around
a third of overall global cyber crime.

This is largely because digitalization is rapid and technologies
to combat cyber threats aren’t being implemented quickly enough
to keep up; as fast as detection and prevention techniques
improve, cyber crime continues to become more sophisticated.
Attitudes towards cyber security are outdated, with a survey of
IT and business decision makers revealing that although
half have experienced a cyber attack, only a fifth see cyber
security investments as a business differentiator.

With an ever-increasing number of entry points for cyber crime in
the form of connected devices, a solution is needed to identify
fraudulent users and block suspicious activity at the source –
and IP geolocation provides a valuable tool to achieve this.

The simplicity of digital disguise

The major reason cyber crime is so difficult to detect and
prevent is the borderless nature of the internet, which enables
illegal activity to be executed from anywhere in the world. Fraud
follows money and the internet makes this easier to do. From
malicious scams and ransomware to account takeover or application
fraud, the culprits can target businesses and users on the other
side of the globe, with little risk of being caught.

Increasingly sophisticated criminal organizations can mask their
true identity and location using a variety of proxies. These
mechanisms include Virtual Private Networks (VPNs), proxy
servers, TOR networks, hosting centers, and Domain Name Systems,
which effectively make the user anonymous.

A case of mistaken identity

With the use of proxies to mask criminal activities widely
understood, it might seem reasonable to block all online traffic
that flows through these mechanisms. But the negative impact of
doing so could be even greater than the effect of the
crime. Many people use proxies for perfectly legitimate
purposes and businesses risk alienating these individuals by
taking a blanket blocking approach.

VPNs, for instance, can be used to increase security, prevent
tracking, and maintain privacy. They are also widely used to
access restricted content and for cross-border communication. VPN
use varies greatly by region but in countries such as Thailand,
Indonesia, China, and Malaysia it is particularly high, and
blocking all traffic coming through a VPN would mean obstructing
up to
40% of internet users.

With blocking all proxy users clearly not a viable option,
eliminating cyber crime requires a more nuanced approach that
distinguishes between legitimate proxy use and illegal activity.
And this is where IP geolocation comes into its own.

Locating the cyber criminals

IP addresses are fundamental to internet access, making IP
intelligence the best place to start when combatting cyber crime.
Premium IP geolocation uses advanced traceroute technology
layered with high quality third-party data to deliver granular
information about a user’s whereabouts, as well as how they are
accessing the internet.

IP data varies greatly in coverage and accuracy depending on the
source, but premium IP geolocation data delivers a high level of
granularity, allowing a user’s location to be reliably determined
down to postcode level, without making them personally
identifiable. When combined with connection characteristics, this
data can be used to help determine suspicious connections without
violating user’s privacy.

Once the user’s location is reliably identified, this information
can be used in a variety of ways. Smart rules can be implemented
such as comparing the IP location with the user’s bill-to or
ship-to location, and account log-ins from unusual or potentially
high-risk areas can be highlighted. In addition, velocity
patterns can be applied to identify where the user location
changes at unexpected speed or in an illogical sequence, often
signaling dubious activity. The more IP data layers a solution
uses to analyze internet traffic, the more suspicious connections
will be identified.

Highlighting suspicious activity enables further action to be
taken. At the lower end of the scale this could simply mean
marking it for further internal review, while at the other, more
serious, end of the scale it will mean immediately inhibiting
user access. Where the risk is judged to be moderate, a user
verification request could be sent, either via email or SMS, to
ensure the user really is who they claim to be.

Using exceptionally accurate IP geolocation data enables
legitimate proxy users to be distinguished from cyber criminals,
significantly reducing the chance of false positives where
innocent users are mistakenly blocked. Where legitimate users are
occasionally asked to verify their identity, this should not be a
negative experience as it illustrates a responsible approach to
cyber security. Applying a smarter approach to detecting
suspicious activity not only increases detection rates and
reduces false positives, but also improves the visitor
experience.

Cyber crime is a major issue that is continually evolving, and
combatting it requires a sophisticated solution to identify and
block suspicious activity at the source without compromising
genuine users. IP geolocation delivers advanced intelligence that
effectively removes the cyber criminal’s mask of anonymity and
enables dubious activities to be detected and prevented, while
maintaining a positive experience for authentic
users.

Steve Sawyer, Vice President of International Strategy,
Digital Element